I received an interesting e-mail yesterday from a check_esxi_wbem user. Prior the release of ESXi 4.1 it was possible to create a read-only user which was used to run the plugin, e.g.:

https://192.168.1.4 someuser somepassword dell

Since the ESXi 4.1 release an error "Authorization failed" is now returned. Here's a work-around, how to use a user which is not root. Note: In any case, using the root-user will still work!

- In the vSphere client select the ESXi host, open "Local Users&Groups" tab- Add a new user with the following or similar details:User: nagios, UID: 1001, Name: Nagios User, Password: Test-12345, Add to group rootIt is necessary that the password contains at least one capital letter, at least one lower case letter and at least a number. The password has also a minimal and maximum length. If the password is not good, you'll get an error message. And yes, unfortunately it is necessary to add the new user to the group 'root'. The other groups won't work. But that doesn't mean that the new user now has root rights. SSH is per default disabled in ESXi servers and even it it were enabled, the following entry was added into the /etc/passwd file:

/etc/passwd:nagios:x:1001:0:nagios user:/home/nagios:/sbin/nologin

And once again, this only affects check_esxi_wbem plugin-users which don't use the root-user to query the vSphere CIM.

The solution is very simple. You need create user normally. You cant set group, no problem.

goes to permisstion tab, and click add permission.

selece the user you like to grant administration privilegies, and select administrator privilege role.

The best option probably is create a role only with sensors permisions, but I not know to create it yet.

Leo

Kim from wrote on Jan 14th, 2013:

vsphere 5.1 does not support localgroup, what is a option to use another user account to query the esxi cim? I do not want to use root user and password on nagios.

Leonardo Lage from Brazil wrote on Dec 26th, 2012:

Hello,

Now on vsphere 5.1 not have more root group, what is a option to use another user to your plugin check esxi? I not like to use root user and pass on nagios.

Thank you

Mircea Vutcovici from wrote on Jun 20th, 2011:

The root group is mapped to Administrator role in ESX. This means that nagios user will have access to all operations over ESX server. If you change to a limited role and even to a clone of Administrator role it will not work. It is working only with the built in Administrator role. The group can be any group, but that group must be mapped to Administrator role.